Tech N Toast®

Microsoft Dynamics CRM Internet-Facing Deployment

IFD stands for Internet-Facing Deployment

Expose the system outside your local network, which usually refers to on-premises where forms authentication is enabled on the server, and employees are able access the application while they are away from the office.

IFD stands for Internet-Facing Deployment. It becomes important when you want your employees to access CRM in their browser outside your organization. If IFD is implemented, the employees can access the application from any part of the world. 

Read my technical book Microsoft Dynamics : Internet-Facing Deployment (IFD) 

Let's understand the basic concept - Your company is using Dynamics 365 CRM, and you are able to access it until you are working within the company or within the local network or domain.

Now, you go somewhere else. From your country to another or from your office to another place, which is quite far from the office. You try to access the application over the internet, but you cannot because Internet Facing Deployment is not configured. You need to have ADFS (Active Directory Federation Services) and IFD configured.

An example of IFD URL - https://NeerajKumar(organization name). (port number) 

It can be enabled for tablets and mobiles phones as well.

Microsoft Dynamics CRM Internet Facing deployment

ADFS - Active Directory Federation Services was introduced in 2011. It is used for STS (Single Token Signing), and contains the encrypted signing in information. If your employee wants to access the application outside the organization, Single Sign-On (SSO) method will be used to provide the access.
First, configure Security Token Services - Active Directory Federation Services, and then Claim Based Authentication. At the end, configure Internet Facing Deployment.

You will be using HTTPS-configured website to deploy the application. You can install (Active Directory Federation Services) and Microsoft Dynamics on the same server, but you will use different port numbers for both. ADFS will always use the default site in IIS. Please create new site for CRM. I will always advise you to use two separate servers for ADFS and CRM. 

You also need DNS, Discovery Web Service, and Web Application Server records to configure IFD. If more than one CRM organization, please add all records. You also need to specify Internal domain and external domain.  

Claim Based Authentication will be enabled for your users to access CRM outside the local network. You can use it to customize login page. HTTPs security is must. Claims based Authentication is configured, enabled and disabled in Deployment Manager. It was introduced in 2011 to authenticate users internally and externally. 

Users can use windows authentication to login to their CRM accounts, if Claim Based Authentication is not required. Use Internet Explorer to provide direct access - Go to Tools (alt +x) > Internet Options > Security > Local Intranet > Custom Level...

Deployment manager is used to run the Internet Facing Deployment. The manager can also be used to disable it if required.

IFD is the securest way to expose CRM to the internet because you will expose just front end over HTTPS. Then, ADFS is required for further authentication.